diff --git a/nmap.cc b/nmap.cc
index 4b7d3fede..53f514d3f 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -900,13 +900,13 @@ int nmap_main(int argc, char *argv[]) {
 o.setVersionTrace(true);
 o.debugging++;
 } else if (optcmp(long_options[option_index].name, "data-length") == 0) {
- o.extra_payload_length = atoi(optarg);
- if (o.extra_payload_length < 0) {
- fatal("data-length must be greater than 0");
- } else if (o.extra_payload_length > 0) {
- o.extra_payload = (char *) safe_malloc(o.extra_payload_length);
- get_random_bytes(o.extra_payload, o.extra_payload_length);
- }
+ o.extra_payload_length = (int)strtoll( optarg, NULL, 10);
+ if (o.extra_payload_length < 1 || o.extra_payload_length > MAX_PAYLOAD_ALLOWED)
+ fatal("data-length must be between 1 and %d", MAX_PAYLOAD_ALLOWED);
+ if (o.extra_payload_length > 1400 ) /* 1500 - IP with opts - TCP with opts. */
+ error("WARNING: Payloads bigger than 1400 bytes may not be sent successfully.");
+ o.extra_payload = (char *) safe_malloc(o.extra_payload_length);
+ get_random_bytes(o.extra_payload, o.extra_payload_length);
 } else if (optcmp(long_options[option_index].name, "send-eth") == 0) {
 o.sendpref = PACKET_SEND_ETH_STRONG;
 } else if (optcmp(long_options[option_index].name, "send-ip") == 0) {
diff --git a/nmap.h b/nmap.h
index 47f7c60f6..e0b56da04 100644
--- a/nmap.h
+++ b/nmap.h
@@ -399,6 +399,10 @@ void *realloc();
 #define MAXHOSTNAMELEN 64
 #endif
+/* Max payload: Worst case is IPv4 with 40bytes of options and TCP with 20 * bytes of options. */
+#define MAX_PAYLOAD_ALLOWED 65535-60-40
+
 #ifndef recvfrom6_t
 # define recvfrom6_t int
 #endif
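Review bot: The bounds check in the "data-length" branch runs on the value after `(int)strtoll(...)` has truncated it, so an argument outside int range can wrap into [1, MAX_PAYLOAD_ALLOWED] and pass the check that was meant to reject it; the comparison has to be done on the long long before it is narrowed. Passing `NULL` as the endptr also means trailing garbage ("100abc") is silently accepted and a non-numeric argument reads as 0, which is rejected only by accident of the `< 1` test and with a message that does not say the input was not a number. Parsing into a long long, checking endptr and the range, and only then assigning to `o.extra_payload_length` closes both gaps without changing the accepted range. nmap_main begins and ends outside this hunk.
```cpp
} else if (optcmp(long_options[option_index].name, "data-length") == 0) {
  char *end = NULL;
  long long len = strtoll(optarg, &end, 10);
  if (end == optarg || *end != '\0' || len < 1 || len > MAX_PAYLOAD_ALLOWED)
    fatal("data-length must be between 1 and %d", MAX_PAYLOAD_ALLOWED);
  o.extra_payload_length = (int)len;
  // … unchanged: 1400-byte warning, safe_malloc, get_random_bytes …
```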
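Review bot: `MAX_PAYLOAD_ALLOWED` expands to the unparenthesized expression `65535-60-40`, which is safe at the two use sites in this commit (a comparison and a `%d` argument) but miscomputes as soon as it is used inside a larger expression such as `2 * MAX_PAYLOAD_ALLOWED`; define it as `#define MAX_PAYLOAD_ALLOWED (65535 - 60 - 40)`. The comment would also be clearer if it matched the arithmetic: 60 is a full IPv4 header (20 bytes plus 40 bytes of options) and 40 is a TCP header with 20 bytes of options. Note that a TCP header can carry up to 40 bytes of options (60 bytes total), so if the intent is the true worst case the TCP term should be 60 rather than 40 — worth confirming what "worst case" is meant to cover here.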